Improves wording on the Cross-Site Scripting segment

This commit is contained in:
Pontus Alexander
2012-10-15 09:27:03 +02:00
parent 086d8ea6b3
commit f1e806c941


@@ -19,8 +19,10 @@ the data is filtered properly and can it be trusted.
Data may be _filtered_ differently based on its purpose. For example, when unfiltered foreign input is passed
into HTML page output, it can execute HTML and JavaScript on your site! This is known as Cross-Site
Scripting (XSS) and can be a very dangerous attack. One way to avoid XSS is to sanitize all HTML tags
in the input by removing tags or escaping them into HTML entities.
Scripting (XSS) and can be a very dangerous attack. One way to avoid XSS is to sanitize all user-generated
data before outputting it to your page by removing HTML tags with the `strip_tags` function or escaping
characters with special meaning into their respective HTML entities with the `htmlentities`
or `htmlspecialchars` functions.
Another example is passing options to be executed on the command line. This can be extremely dangerous
(and is usually a bad idea), but you can use the built-in `escapeshellarg` function to sanitize the executed
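Review bot: the new sentence on `htmlentities`/`htmlspecialchars` should tell readers to pass `ENT_QUOTES` (and the output charset), because the default flags of the PHP versions current for this text leave single quotes unescaped, so a value placed in a single-quoted attribute can still break out of it. It would also help to separate the two remedies: `strip_tags` removes markup but does not escape anything, so it is not a safe substitute for escaping when the data lands inside an attribute value, while `htmlspecialchars` is the appropriate default for text and attribute output. Consider "escape output with `htmlspecialchars($data, ENT_QUOTES, 'UTF-8')`; `strip_tags` may be used in addition, not instead."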